sudoxreboot/habitica
1
0
Fork 0
mirror of https://github.com/sudoxnym/habitica.git synced 2026-05-23 22:27:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(cors): expose rate limit headers to clients

Browse source
This commit is contained in:
Matteo Pagliazzi 2020-07-17 19:00:16 +02:00
parent e7c8833c9a
commit 6743dcb08a
2 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
test/api/unit/middlewares/cors.test.js
View file

@ -6,7 +6,7 @@ import {
} from '../../../helpers/api-unit.helper';
import cors from '../../../../website/server/middlewares/cors';
describe('cors middleware', () => {
describe.only('cors middleware', () => {
let res; let req; let
next;
@ -22,6 +22,7 @@ describe('cors middleware', () => {
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Methods': 'OPTIONS,GET,POST,PUT,HEAD,DELETE',
'Access-Control-Allow-Headers': 'Authorization,Content-Type,Accept,Content-Encoding,X-Requested-With,x-api-user,x-api-key,x-client',
'Access-Control-Expose-Headers': 'X-RateLimit-Limit,X-RateLimit-Remaining,X-RateLimit-Reset,Retry-After',
});
expect(res.sendStatus).to.not.have.been.called;
expect(next).to.have.been.calledOnce;
@ -34,6 +35,7 @@ describe('cors middleware', () => {
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Methods': 'OPTIONS,GET,POST,PUT,HEAD,DELETE',
'Access-Control-Allow-Headers': 'Authorization,Content-Type,Accept,Content-Encoding,X-Requested-With,x-api-user,x-api-key,x-client',
'Access-Control-Expose-Headers': 'X-RateLimit-Limit,X-RateLimit-Remaining,X-RateLimit-Reset,Retry-After',
});
expect(res.sendStatus).to.have.been.calledWith(200);
expect(next).to.not.have.been.called;

2
website/server/middlewares/cors.js
View file

@ -3,6 +3,8 @@ export default function corsMiddleware (req, res, next) {
'Access-Control-Allow-Origin': req.header('origin') || '*',
'Access-Control-Allow-Methods': 'OPTIONS,GET,POST,PUT,HEAD,DELETE',
'Access-Control-Allow-Headers': 'Authorization,Content-Type,Accept,Content-Encoding,X-Requested-With,x-api-user,x-api-key,x-client',
// Expose rate limit headers to CORS requests
'Access-Control-Expose-Headers': 'X-RateLimit-Limit,X-RateLimit-Remaining,X-RateLimit-Reset,Retry-After',
});
if (req.method === 'OPTIONS') return res.sendStatus(200);
return next();